- From: Jim Schaad <ietf@augustcellars.com>
- Date: Mon, 23 Nov 2015 21:04:23 -0800
- To: "'Ryan Sleevi'" <sleevi@google.com>
- Cc: <public-webcrypto@w3.org>
From: Ryan Sleevi [mailto:sleevi@google.com] Sent: Monday, November 23, 2015 6:16 PM To: Jim Schaad <ietf@augustcellars.com> Cc: public-webcrypto@w3.org Subject: Re: Please verify On Mon, Nov 23, 2015 at 6:15 PM, Ryan Sleevi <sleevi@google.com> wrote: On Mon, Nov 23, 2015 at 6:06 PM, Jim Schaad <ietf@augustcellars.com> wrote: In doing a deep read of the document, I want to verify that the following is intended. I have modified the example in section 33.1 by removing the "sign" usage from the set of usages in the generateKey line. * A zero-length sequence will pass Web IDL as it is legal * Section 14.3.6 does not appear to check any of the usages for generateKey * Section 20.8 says only throw an exception if some usage other than "sign" or "verify" exists. This is not the case so it will pas step 1 of Generate Key * Step 18 of Generate Key will set [[usages]] to [] (intersection of [] and ["sign"] -- This means that the generateKey will be successful. No, See step 8, which checks the [usages] of both a CryptoKey and a CryptoKeyPair to ensure that a private key does not have an empty usages. Sorry, that's Step 8 of 14.3.6 [JLS] Yes I had found that earlier and then lost it again. So one can mess up the public but not the private side. Jim
Received on Tuesday, 24 November 2015 05:07:37 UTC